Before adjourning for the year, the US Congress passed the Cybersecurity Act of 2015, and President Barack Obama signed the measure into law on December 18, 2015. The Act of 2015 aims to defend against cyberattacks by creating a framework for the voluntary sharing of cyber threat information between private entities and the federal government, as well as within agencies of the federal government. For detailed coverage on this important new legislation, please read our Special Report.

Through the Cybersecurity Nexus (CSX) program, ISACA is committed to providing security professionals with the knowledge, guidance and tools they need to help be effective at their job. We closely monitor legislation affecting cybersecurity, and are poised to keep you up-to-date on significant developments via news on this web page. It's just one of the ways we're working to be your premier resource for all things cybersecurity.

P.L. 114-113,Cybersecurity Act of 2015, signed into law December 18, 2015. Promotes and encourages the private sector and the US government to rapidly and responsibly exchange cyber threat information.

P.L. 113-274,Cybersecurity Enhancement Act of 2014, signed into law December 18, 2014. Provides an ongoing, voluntary public-private partnership to improve cybersecurity and strengthen cybersecurity research and development, workforce development and education and public awareness and preparedness.

P.L. 113-282,National Cybersecurity Protection Act of 2014, signed into law December 18, 2014. Codifies an existing operations center for cybersecurity.

P.L. 113-246, Cybersecurity Workforce Assessment Act, signed into law December 18, 2014. Directs the Secretary of Homeland Security, within 180 days and annually thereafter for three years, to conduct an assessment of the cybersecurity workforce of the Department of Homeland Security (DHS).

H.R. 234,Cyber Intelligence Sharing and Protection Act. Would provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities.

Introduced January 8, 2015, by D. Ruppersberger (D-MI)

H.R.555,Federal Exchange Data Breach Notification Act of 2015. Would require an Exchange established under the Patient Protection and Affordable Care Act to notify individuals in the case that personal information of such individuals is known to have been acquired or accessed as a result of a breach of the security of any system maintained by the Exchange.

Introduced January 27, 2015, by D. Black (R-TN)

H.R. 580,Data Accountability and Trust Act. Would protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and provide for nationwide notice in the event of a security breach.

Introduced January 28, 2015, by B. Rush (D-IL)

H.R. 1053,Commercial Privacy Bill of Rights Act of 2015. Would establish a regulatory framework for the protection of personal data for individuals under the Federal Trade Commission, and improve provisions relating to collection, use, and disclosure of personal information of children.

Introduced February 27, 2015, by A. Sires (D-NJ)

H.R. 1560,Protecting Cyber Networks Act. Would improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats.

Introduced March 24, 2015, by D. Nunes (R-CA)

Reported (Amended) April 13, 2015, by the Committee on Intelligence. H. Rept. 114-63.

H.R. 1770,Data Security and Breach Notification Act of 2015. Would require certain entities who collect and maintain personal information of individuals to secure such information and to provide notice to such individuals in the case of a breach of security involving such information.

Introduced April 14, 2015, by M. Blackburn (R-TN)

H.R. 2029,Cybersecurity Act of 2015. Would improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats.

H.R. 4350,Cybersecurity Act of 2015 Repeal. Would repeal the Cybersecurity Act of 2015.

Introduced January 8, 2016, by J. Amash (R-MI)

H.R. 5064,Improving Small Business Cyber Security Act of 2016. Would amend the Small Business Act to allow small business development centers to assist and advise small business concerns on relevant cyber security matters.

H.R. 5069,Cybersecurity Systems and Risk Reporting Act. Would amend the Sarbanes-Oxley Act of 2002 to protect investors by expanding the mandated internal controls reports and disclosures to include cybersecurity systems and risks of publicly traded companies.

S. 135,Secure Data Act of 2015. Would provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities.

Introduced January 8, 2015, by R. Wyden (D-OR)

S. 177,Data Security and Breach Notification Act of 2015. Would protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and provide for nationwide notice in the event of a breach of security.

Introduced January 13, 2015, by B. Nelson (D-FL)

S. 456,Cyberthreat Sharing Act of 2015. Would codify mechanisms for enabling cybersecurity threat indicator sharing between private and government entities, as well as among private entities, to better protect information systems.

Introduced February 11, 2015, by T. Carper (D-DE)

S. 547,Commercial Privacy Bill of Rights Act of 2015. Would establish a regulatory framework for the protection of personal data for individuals under the Federal Trade Commission, and improve provisions relating to collection, use, and disclosure of personal information of children.

Introduced February 24, 2015, by R. Menendez (D-NJ)

S. 754,Cybersecurity Information Sharing Act of 2015. Would improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats.

S. 2410,Cybersecurity Disclosure Act of 2015. Would promote transparency in the oversight of cybersecurity risks at publicly traded companies.

Introduced December 17, 2015, by J. Reed (D-RI)

S. 2665,State and Local Cyber Protection Act of 2015. Would assist with state and local coordination on cybersecurity with the national cybersecurity and communication integration center.

Introduced March 10, 2016, by G.C. Peters (D-MI)

S. 3024,Small Business Cyber Security Improvements Act of 2016. Would improve cybersecurity for small businesses.

Introduced June 6, 2016, by D. Vitter (R-LA)

Reported (w/o Amendment) June 8, 2016, by the Committee on Small Business and Entrepreneurship

THIS WEBSITE USES INFORMATION GATHERING TOOLS INCLUDING COOKIES, AND OTHER SIMILAR TECHNOLOGY.
BY USING THIS WEBSITE, YOU CONSENT TO USE OF THESE TOOLS. IF YOU DO NOT CONSENT, DO NOT USE THIS WEBSITE. USE OF THIS WEBSITE IS NOT REQUIRED BY ISACA.
OUR PRIVACY POLICY IS LOCATED HERE.